From patchwork Tue Apr 19 20:58:36 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Moore <pmoore@redhat.com>
X-Patchwork-Id: 8883391
Return-Path: <selinux-bounces@tycho.nsa.gov>
X-Original-To: patchwork-selinux@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 261E2BF29F
	for <patchwork-selinux@patchwork.kernel.org>;
	Tue, 19 Apr 2016 21:03:15 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 869D6201F2
	for <patchwork-selinux@patchwork.kernel.org>;
	Tue, 19 Apr 2016 21:03:14 +0000 (UTC)
Received: from emvm-gh1-uea09.nsa.gov (smtp.nsa.gov [8.44.101.9])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 798FE2010C
	for <patchwork-selinux@patchwork.kernel.org>;
	Tue, 19 Apr 2016 21:03:13 +0000 (UTC)
X-TM-IMSS-Message-ID: <9f48c3150006249a@nsa.gov>
Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by nsa.gov
	([10.208.42.194]) with ESMTP (TREND IMSS SMTP Service 7.1) id
	9f48c3150006249a ; Tue, 19 Apr 2016 17:01:26 -0400
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3JL1kbk005376;
	Tue, 19 Apr 2016 17:01:46 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u3JKwd6Z056902 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Tue, 19 Apr 2016 16:58:39 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3JKwdUB004035
	for <selinux@tycho.nsa.gov>; Tue, 19 Apr 2016 16:58:39 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1DCAAAgmxZXkxy3hNFeHAGENzSnQJAnhA6IJgEBAQEBARMBAQEBCQsJCSGFGgSBAgUCJgJJKYgpnD+PXZF2fIUlgX2GWxpkgjSCVgWYDpdMhVQCRY5mghgMU4FvIDCHVgIeAYEcAQEB
X-IPAS-Result: 
 A1DCAAAgmxZXkxy3hNFeHAGENzSnQJAnhA6IJgEBAQEBARMBAQEBCQsJCSGFGgSBAgUCJgJJKYgpnD+PXZF2fIUlgX2GWxpkgjSCVgWYDpdMhVQCRY5mghgMU4FvIDCHVgIeAYEcAQEB
X-IronPort-AV: E=Sophos;i="5.24,507,1454994000"; d="scan'208";a="5394167"
Received: from emvm-gh1-uea09.nsa.gov ([10.208.42.194])
	by goalie.tycho.ncsc.mil with ESMTP; 19 Apr 2016 16:58:39 -0400
X-TM-IMSS-Message-ID: <9f45e2290006241f@nsa.gov>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by nsa.gov
	([10.208.42.194]) with ESMTP (TREND IMSS SMTP Service 7.1;
	TLSv1/SSLv3 ADH-AES256-SHA (256/256)) id 9f45e2290006241f ;
	Tue, 19 Apr 2016 16:58:17 -0400
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id AE2FFC05E154
	for <selinux@tycho.nsa.gov>; Tue, 19 Apr 2016 20:58:37 +0000 (UTC)
Received: from [127.0.0.1] (vpn-234-242.phx2.redhat.com [10.3.234.242])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id u3JKwbq2006174; Tue, 19 Apr 2016 16:58:37 -0400
Subject: [PATCH] selinux: check ss_initialized before revalidating an inode
	label
From: Paul Moore <pmoore@redhat.com>
To: selinux@tycho.nsa.gov
Date: Tue, 19 Apr 2016 16:58:36 -0400
Message-ID: <146109951681.27582.1227236515167711599.stgit@localhost>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-TM-AS-MML: disable
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Paul Moore <paul@paul-moore.com>

There is no point in trying to revalidate an inode's security label if
the security server is not yet initialized.

Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/selinux/hooks.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b09aad7..474011c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -259,7 +259,7 @@ static int __inode_security_revalidate(struct inode *inode,
 
 	might_sleep_if(may_sleep);
 
-	if (isec->initialized != LABEL_INITIALIZED) {
+	if (ss_initialized && isec->initialized != LABEL_INITIALIZED) {
 		if (!may_sleep)
 			return -ECHILD;